General

Target: ff7e033603de3dd8bef29dbc4a7a903491caae9a0cbe7aea4cb95bd0e5ab771f
Size: 1.2MB
Sample: 220521-bljtjafagk
MD5: cbbe8cd0f5253d5082f66ced5102f40e
SHA1: 2d14ea713fe5d2c7adc7e78992368a31a82e8957
SHA256: ff7e033603de3dd8bef29dbc4a7a903491caae9a0cbe7aea4cb95bd0e5ab771f
SHA512: 336ede72d3fac344afb57060975f863c456061fac65c495dec55e1d49b9ce9c7aba38669a3f6da1971f1869e287443e7a667fca6508bdb3f991746cf3090605a
Static task: static1

Behavioral task: behavioral1
Sample: PARCEL_N.exe
Resource: win7-20220414-en

Behavioral task: behavioral2
Sample: PARCEL_N.exe
Resource: win10v2004-20220414-en
Malware Config

Extracted: agenttesla
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: 333link00win

Extracted
Protocol: smtp
Host: smtp.yandex.com
Port: 587
Username: [email protected]
Password: 333link00win
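The extracted config gives the exfiltration channel outright: the sample submits stolen data by authenticated SMTP to smtp.yandex.com on port 587. The following is an added example for this report, not code from the sandbox or from the sample, that turns those values into a flow-log check. Host, port and protocol are taken from the config above; the username is left out because the report shows it redacted. The flow records, timestamps and the process-name allow-list are constructed for the demo.

```python
"""Match the extracted Agent Tesla SMTP exfiltration config against flow telemetry.

Added example for this report; it is not code from the sandbox or from the
sample. Host/port/protocol come from the extracted config. The username is left
out because the report shows it redacted. The flow records, the process-name
allow-list and the timestamps are constructed for the demo.
"""
from dataclasses import dataclass

# Values extracted by the sandbox (see Malware Config).
EXTRACTED_CONFIG = {"protocol": "smtp", "host": "smtp.yandex.com", "port": 587}

# Ports where SMTP is expected, and a constructed allow-list (assumption) of
# processes that legitimately speak SMTP on the monitored host.
SMTP_PORTS = {25, 465, 587}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}


@dataclass
class Flow:
    ts: str
    src_proc: str
    dst_host: str
    dst_port: int


# Constructed flow log: timestamp, originating image, resolved destination,
# port (the shape you get from Sysmon Event ID 3 with DNS enrichment).
SAMPLE_FLOWS = """\
2022-05-21T11:03:12Z PARCEL_N.exe smtp.yandex.com 587
2022-05-21T11:03:15Z outlook.exe smtp.office365.com 587
2022-05-21T11:04:01Z PARCEL_N.exe smtp.yandex.com 587
2022-05-21T11:05:44Z chrome.exe www.example.com 443
2022-05-21T11:06:00Z PARCEL_N.exe mail.example.net 587
"""


def parse_flows(text: str) -> list[Flow]:
    """Parse whitespace-separated flow lines; blank lines are skipped."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, proc, host, port = line.split()
        flows.append(Flow(ts, proc, host, int(port)))
    return flows


def classify(flow: Flow, config: dict = EXTRACTED_CONFIG,
             mail_clients: set = MAIL_CLIENTS) -> str:
    """Verdict for one flow.

    config_match: exact hit on the exfil host:port from the extracted config.
    smtp_from_non_mail_client: SMTP to any host from a process that has no
        business sending mail; catches the same family with a different drop
        mailbox, at the cost of needing a tuned allow-list.
    benign: everything else.
    """
    if flow.dst_host.lower() == config["host"] and flow.dst_port == config["port"]:
        return "config_match"
    if flow.dst_port in SMTP_PORTS and flow.src_proc.lower() not in mail_clients:
        return "smtp_from_non_mail_client"
    return "benign"


def alerts(text: str) -> list[tuple[str, str, str]]:
    """Return (timestamp, process, verdict) for every non-benign flow."""
    out = []
    for flow in parse_flows(text):
        verdict = classify(flow)
        if verdict != "benign":
            out.append((flow.ts, flow.src_proc, verdict))
    return out


if __name__ == "__main__":
    for a in alerts(SAMPLE_FLOWS):
        print(*a)
```

The exact host:port match is the high-confidence indicator for this sample; the second rule is the generic one worth keeping after the drop mailbox is burned, since Agent Tesla builds change the mailbox far more often than the protocol.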
Targets

Target: PARCEL_N.EXE
Size: 739KB
MD5: 4e498eb4dc11e62ee048e2c945c4ce0f
SHA1: 32bb45715bdecc274a24350922ee4cd033c773aa
SHA256: 3b74c2f8330e4a13915efff621b1eaba4ba50becaa826071fc9e96edd0079f69
SHA512: d0eb52188fb3cb697171654446670c96b702f02805d278e7008b43873bedc6b9c8feddc8538660a944cd007c9bc77c914652dc9c8589ee23035385a0e4ca657d
AgentTesla
Agent Tesla is a .NET-based remote access tool (RAT) and credential stealer, originally written in Visual Basic.

AgentTesla Payload

Checks computer location settings
Looks up the country code configured in the registry, likely a geofence check before the payload runs.

Accesses Microsoft Outlook profiles
Reads Outlook profile data from the registry, where saved mail account settings and credentials are stored.

Suspicious use of SetThreadContext
Rewrites a thread's context to redirect execution, typically the final step of process hollowing into a newly created suspended process.
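The three behaviours above are all visible in a sandbox API trace, and the same ordered-call reasoning the signatures rely on can be reproduced offline. The block below is an added example, not the sandbox's own signature engine. The trace format ("<pid> <api>(<args>)") and both traces are constructed; the registry paths are the standard Windows locations for the country setting (Control Panel\International, including Geo\Nation) and for Outlook profiles, assumed here to be what the sample touches; the hollowed image path is a placeholder.

```python
"""Triage a sandbox API trace for the three behaviours in this report.

Added example, not the sandbox's own signature engine. The trace format
("<pid> <api>(<args>)") and the traces are constructed; the registry paths
are the standard locations for the Windows country setting and for Outlook
profiles, assumed here to be what the sample touches. The hollowing check
only looks for the ordered API sequence, not at the written payload.
"""
import re
from collections import defaultdict

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<api>\w+)\((?P<args>.*)\)$")

CREATE_SUSPENDED = 0x00000004  # dwCreationFlags bit for CreateProcess

REG_APIS = {"RegOpenKeyExW", "RegOpenKeyExA", "RegQueryValueExW", "RegQueryValueExA"}
# Lower-cased path fragments worth flagging (assumed targets of the sample).
GEO_KEYS = (r"control panel\international",)          # holds Geo\Nation, LocaleName
OUTLOOK_KEYS = (r"\outlook\profiles", r"windows messaging subsystem\profiles")

# Ordered API sequence behind "Suspicious use of SetThreadContext".
HOLLOW_SEQUENCE = ("CreateProcessW", "WriteProcessMemory", "SetThreadContext", "ResumeThread")

# Constructed trace of a sample showing all three behaviours.
SAMPLE_TRACE = r"""
1234 RegOpenKeyExW(HKEY_CURRENT_USER\Control Panel\International\Geo)
1234 RegQueryValueExW(Nation)
1234 RegOpenKeyExW(HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook)
1234 CreateProcessW(C:\path\to\host.exe, dwCreationFlags=0x4)
1234 NtUnmapViewOfSection(pid=5678)
1234 WriteProcessMemory(pid=5678, size=0x2000)
1234 SetThreadContext(tid=5679)
1234 ResumeThread(tid=5679)
"""

# Constructed trace of a benign launcher: ordinary child process, no injection.
BENIGN_TRACE = r"""
4321 RegOpenKeyExW(HKEY_CURRENT_USER\Software\Example\Settings)
4321 CreateProcessW(C:\path\to\child.exe, dwCreationFlags=0x0)
4321 ResumeThread(tid=9999)
"""


def parse_trace(text):
    """Return (pid, api, args) tuples; lines that do not match are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append((int(m["pid"]), m["api"], m["args"]))
    return events


def _touches(events, apis, needles):
    return any(api in apis and any(n in args.lower() for n in needles)
               for _, api, args in events)


def check_geofence(events):
    return _touches(events, REG_APIS, GEO_KEYS)


def check_outlook(events):
    return _touches(events, REG_APIS, OUTLOOK_KEYS)


def _suspended(args):
    m = re.search(r"dwCreationFlags=(0x[0-9a-fA-F]+|\d+)", args)
    return bool(m) and int(m.group(1), 0) & CREATE_SUSPENDED != 0


def check_hollowing(events):
    """True if one pid issues CreateProcess(CREATE_SUSPENDED) followed, in
    order, by WriteProcessMemory, SetThreadContext and ResumeThread.
    Unrelated calls in between (e.g. NtUnmapViewOfSection) are tolerated."""
    by_pid = defaultdict(list)
    for pid, api, args in events:
        by_pid[pid].append((api, args))
    for calls in by_pid.values():
        stage = 0
        for api, args in calls:
            if api == HOLLOW_SEQUENCE[stage] and (stage != 0 or _suspended(args)):
                stage += 1
                if stage == len(HOLLOW_SEQUENCE):
                    return True
    return False


def triage(text):
    events = parse_trace(text)
    return {
        "checks_computer_location_settings": check_geofence(events),
        "accesses_outlook_profiles": check_outlook(events),
        "suspicious_setthreadcontext": check_hollowing(events),
    }


if __name__ == "__main__":
    print(triage(SAMPLE_TRACE))
    print(triage(BENIGN_TRACE))
```

The hollowing check keys on the CREATE_SUSPENDED flag rather than on SetThreadContext alone, because debuggers and some legitimate runtimes also call SetThreadContext; it is the suspended-create, write, context-swap, resume ordering from one process that makes the signature worth alerting on.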